RE: Avoiding GET in CGIs

This is an archived low-energy page for bots and other anonmyous visitors. Please sign up if you are a human and want to interact.

First, you can handle this entirely in the .htaccess file or equivalent, at least in Apache, by making it deny from all for method GET HEAD, as in (untested):

<Files foo bar>
<Method GET HEAD>
order deny, allow
deny from all
</Method>
</Files>
[download]

Second, preventing anything but POST means I just have to write a script, and still won't need to go through your page. perldoc lwpcook shows how trivial it is to write such a program.

My advice (free, and worth every penny!): give it up. Artificial restrictions like this will always be worked around. I know, I've worked around a number myself. It's the illusion of control or security, and just that: an illusion.

-- Randal L. Schwartz, Perl hacker

Comment on RE: Avoiding GET in CGIs Download Code

Replies are listed 'Best First'.
RE: RE: Avoiding GET in CGIs by Michalis (Pilgrim) on Jul 13, 2000 at 20:57 UTC
I'm aware that if someone REALLY wants to overcome these restrictions, he may do it through literaly thousands of ways. As a matter of fact I've done it a couple of times (yes, with LWP :-) I was actually talking about the "average" site user (if such a thing exists...). By the way, thanks for the .htacess solution, it's much cleaner.	[reply]

• hippo

‥ epoptai's answer Re: how do I set a cookie and redirect was blessed by hippo!

• erzuuli

‥ Anonymous Monks are no longer allowed to use Super Search, due to an excessive use of this resource by robots.


Syntactic Confectionery Delight
	PerlMonks